Lucee 4.5 CGI.REMOTE_USER is empty string


Josh Beach

May 13, 2016, 12:32:05 PM
to Lucee
We are currently migrating from ACF9 to Lucee.

We are running into an issue where the value of CGI.REMOTE_USER is set to an empty string. I found this out by dumping all of the CGI variables.

This is our code:

<!--- Show login as user link for certain underwriters --->
<cfif CGI.REMOTE_USER EQ "ddd" OR CGI.REMOTE_USER EQ "sll" OR CGI.REMOTE_USER EQ
 "bjh" OR CGI.REMOTE_USER EQ "mlt" OR CGI.REMOTE_USER EQ "jrb">

As you can see, it is doing a simple check of the CGI.REMOTE_USER variable, and then allowing login based on the user ID later in the code.

We currently have an .htaccess file set up in the directory where we are checking the remote user. Does that affect the way we need to check for CGI.REMOTE_USER?

What is the best way to retrieve the login user ID when access is restricted by an htaccess file?

Thanks for all of your help in advance!

Josh Beach

May 13, 2016, 1:33:53 PM
to Lucee
I should mention that we are using the htaccess file to grab the list of user values.

Jordan Michaels

May 13, 2016, 3:55:05 PM
to lu...@googlegroups.com
Is it anywhere else in your HTTP headers? You can use GetHttpRequestData() to check.

It might be getting lost in translation between the HTTP proxy and Tomcat too. Not sure where that info comes from, but might be worthwhile to check if using an AJP proxy instead of HTTP would make a difference.

--
Kind regards,
Jordan Michaels
Vivio Technologies

Josh Beach

May 16, 2016, 9:44:31 AM
to Lucee
No, it wasn't in the HTTP headers. If we are running the site on SSL, will the AJP proxy need to be configured in the https conf file? Do you have an example of how that would need to be configured?

Thanks!

Josh Beach

May 16, 2016, 12:42:46 PM
to Lucee
We were able to identify that Apache is holding all of the environment variables and that somewhere in between Apache communicating with Tomcat, the variables are being lost.

Jordan Michaels

May 16, 2016, 2:37:57 PM
to lu...@googlegroups.com
RE: examples: I wrote documentation for Railo several years ago that talks about the different connection methods between Apache and Tomcat. By default the Railo and Lucee installers use mod_proxy_html because it is universally available on the supported Linux distros (RHEL/CentOS & Debian/Ubuntu), it's fast, and it's functional enough to cover 95% of what most users need. I talk about two alternatives, mod_proxy_ajp and mod_jk, here:

https://github.com/getrailo/railo/wiki/Installation-InstallerDocumentation-LinAddingSites

Mark Thomas, Lead Dev for Tomcat, also talks about them here:

http://www.tomcatexpert.com/blog/2010/06/16/deciding-between-modjk-modproxyhttp-and-modproxyajp

If you used the installer and have mod_proxy_html configured, it would probably be easiest to switch to mod_proxy_ajp - which is as simple as replacing the existing "http" values with "ajp" once mod_proxy_ajp is installed into Apache.

AJ Mercer

May 17, 2016, 9:17:09 PM
to lu...@googlegroups.com
This is a part of what I have inside <location>:

RewriteCond %{LA-U:REMOTE_USER} (.+)
RewriteRule . - [E=RU:%1]

RequestHeader set X_ISRW_PROXY_AUTH_USER %{RU}e
RequestHeader set AUTH_USER %{RU}e
RequestHeader set REMOTE_USER %{RU}e

Not sure if this will work without the Single Sign On modules I have added.
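
The AJP switch suggested earlier in the thread, together with the header handling that the last post relies on, as an added Apache configuration example (not from any poster and not the Lucee installer's own file). The host name, file paths, realm, the /underwriting prefix and ports 8888/8009 are assumptions; the Tomcat connector is shown as a comment because it lives in a separate XML file.

```apache
# Added example (constructed). Host name, file paths, realm, the /underwriting
# prefix and ports 8888/8009 are assumptions, not values from the thread.
# Requires mod_headers, mod_proxy and mod_proxy_ajp.
<VirtualHost *:443>
    ServerName app.example.com
    # SSLEngine and certificate directives for the site go here.

    # Identity must come from Apache's own authentication, never from the
    # client: drop request headers that an application might read as a user
    # name. Server-level mod_headers directives run before <Location> ones.
    RequestHeader unset REMOTE_USER
    RequestHeader unset AUTH_USER

    # Apache authenticates the protected area and sets REMOTE_USER.
    <Location "/underwriting">
        AuthType Basic
        AuthName "Underwriting"
        AuthUserFile "/etc/apache2/underwriting.htpasswd"
        Require valid-user
    </Location>

    # Before: HTTP proxying. Tomcat has not authenticated anyone itself, so
    # the servlet container reports no remote user for the request.
    # ProxyPassMatch "^/(.+\.cf[cm])(/.*)?$" "http://127.0.0.1:8888/$1$2"

    # After: AJP proxying. AJP carries the user that Apache authenticated
    # to Tomcat as a request attribute.
    ProxyPassMatch "^/(.+\.cf[cm])(/.*)?$" "ajp://127.0.0.1:8009/$1$2"
</VirtualHost>

# Tomcat side, conf/server.xml (XML, shown here as a comment):
#   <Connector port="8009" protocol="AJP/1.3" address="127.0.0.1"
#              tomcatAuthentication="false" />
# tomcatAuthentication="false" makes Tomcat use the principal propagated by
# Apache instead of authenticating on its own. address="127.0.0.1" keeps the
# AJP port reachable only from the local Apache, because the connector
# trusts whatever user name arrives over AJP.
```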

